Attack Detection Method Based on Flow Behavior Graph (基于流量行为图的攻击检测方法)

Cited by: 4


Authors: 张东鑫 (ZHANG Dongxin); 郎波 (LANG Bo) [1]; 严寒冰 (YAN Hanbing) (School of Computer Science and Engineering, Beihang University, Beijing 100191, China; National Internet Emergency Center, Beijing 100029, China)

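Affiliations: [1] School of Computer Science and Engineering, Beihang University, Beijing 100191; [2] National Internet Emergency Center, Beijing 100029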

Source: Netinfo Security (《信息网络安全》), 2022, No. 1, pp. 72-79 (8 pages)

Funding: National Natural Science Foundation of China [U1736218]; National Key Research and Development Program of China [2018YFB0804701].

Abstract: Traditional flow-based attack detection cannot fully capture network communication patterns, which makes it difficult to effectively detect attack events in the network, whereas the information contained in a flow behavior graph can effectively reflect the real behavior of a host. Addressing the problem of detecting multiple types of network attacks, this article proposes and implements an attack detection method based on the flow behavior graph. The detection method is based on clustering and a generative learning model, and consists of two stages. The first stage uses a clustering algorithm to filter out benign nodes as far as possible, and the second stage applies a generative learning model to detect a variety of different attack events. Experimental results on a public data set show that the proposed method can effectively detect a variety of different attack events in the network. In addition, the system uses a distributed processing framework based on Apache Spark, which can effectively process large-scale data.

Keywords: flow behavior graph; clustering; generative learning; attack detection; Spark

Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]

 
